From 9f7cf607bbff393c69c438719708c1b083d97402 Mon Sep 17 00:00:00 2001
From: Tim Lee
Date: Mon, 8 Jan 2024 11:22:07 -0700
Subject: [PATCH] Bugfix: Missing Software Aggregation in vuln processing command (#15954)
---
 changes/15930-bugfix-vuln-cmd | 2 ++
 cmd/fleet/cron.go | 40 ++++++++-------------------
 cmd/fleet/vuln_process.go | 51 ++++++++++++++++++++++++++++-------
 3 files changed, 54 insertions(+), 39 deletions(-)
 create mode 100644 changes/15930-bugfix-vuln-cmd
diff --git a/changes/15930-bugfix-vuln-cmd b/changes/15930-bugfix-vuln-cmd
new file mode 100644
index 0000000000..344251e853
--- /dev/null
+++ b/changes/15930-bugfix-vuln-cmd
@@ -0,0 +1,2 @@
+- fixed issue where software title aggregation was not running when triggering a vulnerability scan
+ via `fleet vuln_processing`
\ No newline at end of file
diff --git a/cmd/fleet/cron.go b/cmd/fleet/cron.go
index 5c08db99e8..20b5fa87dd 100644
--- a/cmd/fleet/cron.go
+++ b/cmd/fleet/cron.go
@@ -55,35 +55,17 @@ func newVulnerabilitiesSchedule(
 const name = string(fleet.CronVulnerabilities)
 interval := config.Periodicity
 vulnerabilitiesLogger := kitlog.With(logger, "cron", name)
- s := schedule.New(
- ctx, name, instanceID, interval, ds, ds,
- schedule.WithLogger(vulnerabilitiesLogger),
- schedule.WithJob(
- "cron_vulnerabilities",
- func(ctx context.Context) error {
- // TODO(lucas): Decouple cronVulnerabilities into multiple jobs.
- return cronVulnerabilities(ctx, ds, vulnerabilitiesLogger, config)
- },
- ),
- schedule.WithJob(
- "cron_sync_host_software",
- func(ctx context.Context) error {
- return ds.SyncHostsSoftware(ctx, time.Now())
- },
- ),
- schedule.WithJob(
- "cron_reconcile_software_titles",
- func(ctx context.Context) error {
- return ds.ReconcileSoftwareTitles(ctx)
- },
- ),
- schedule.WithJob(
- "cron_sync_host_software_titles",
- func(ctx context.Context) error {
- return ds.SyncHostsSoftwareTitles(ctx, time.Now())
- },
- ),
- )
+
+ var options []schedule.Option
+
+ options = append(options, schedule.WithLogger(vulnerabilitiesLogger))
+
+ vulnFuncs := getVulnFuncs(ctx, ds, vulnerabilitiesLogger, config)
+ for _, fn := range vulnFuncs {
+ options = append(options, schedule.WithJob(fn.Name, fn.VulnFunc))
+ }
+
+ s := schedule.New(ctx, name, instanceID, interval, ds, ds, options...)
 return s, nil
 }
diff --git a/cmd/fleet/vuln_process.go b/cmd/fleet/vuln_process.go
index b35f1056fa..a015fcab63 100644
--- a/cmd/fleet/vuln_process.go
+++ b/cmd/fleet/vuln_process.go
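Review bot: The job names this schedule registers are no longer readable in newVulnerabilitiesSchedule: they now arrive as `fn.Name` from getVulnFuncs in cmd/fleet/vuln_process.go, and the removed `// TODO(lucas): Decouple cronVulnerabilities into multiple jobs.` is not carried over anywhere visible. A comment above the loop such as `// Job names and run order are defined by getVulnFuncs in vuln_process.go.` would help someone tracing a failing job from its name in the logs. The option slice can also be built in one step with `options := []schedule.Option{schedule.WithLogger(vulnerabilitiesLogger)}`. The start of newVulnerabilitiesSchedule is outside the hunk.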
@@ -110,16 +110,11 @@ by an exit code of zero.`,
 }
 level.Info(logger).Log("msg", "scanning vulnerabilities")
 start := time.Now()
- err = scanVulnerabilities(ctx, ds, logger, &vulnConfig, appConfig, vulnPath)
- if err != nil {
- // errors during vuln processing should bubble up, so you know the job is failing without having to scour logs, e.g. non-zero exit code
- return fmt.Errorf("scanning vulnerabilities err: %w", err)
- }
-
- err = ds.SyncHostsSoftware(ctx, time.Now())
- if err != nil {
- // though vulnerability processing succeeded, we'll still fatally error here to indicate there was a problem
- return fmt.Errorf("sync hosts software err: %w", err)
+ vulnFuncs := getVulnFuncs(ctx, ds, logger, &vulnConfig)
+ for _, vulnFunc := range vulnFuncs {
+ if err := vulnFunc.VulnFunc(ctx); err != nil {
+ return err
+ }
 }
 level.Info(logger).Log("msg", "vulnerability processing finished", "took", time.Now().Sub(start))
@@ -156,3 +151,39 @@ func configureVulnPath(vulnConfig config.VulnerabilitiesConfig, appConfig *fleet
 }
 return vulnPath
 }
+
+type NamedVulnFunc struct {
+ Name string
+ VulnFunc func(ctx context.Context) error
+}
+
+func getVulnFuncs(ctx context.Context, ds fleet.Datastore, logger kitlog.Logger, config *config.VulnerabilitiesConfig) []NamedVulnFunc {
+ vulnFuncs := []NamedVulnFunc{
+ {
+ Name: "cron_vulnerabilities",
+ VulnFunc: func(ctx context.Context) error {
+ return cronVulnerabilities(ctx, ds, logger, config)
+ },
+ },
+ {
+ Name: "cron_sync_host_software",
+ VulnFunc: func(ctx context.Context) error {
+ return ds.SyncHostsSoftware(ctx, time.Now())
+ },
+ },
+ {
+ Name: "cron_reconcile_software_titles",
+ VulnFunc: func(ctx context.Context) error {
+ return ds.ReconcileSoftwareTitles(ctx)
+ },
+ },
+ {
+ Name: "cron_sync_hosts_software_titles",
+ VulnFunc: func(ctx context.Context) error {
+ return ds.SyncHostsSoftwareTitles(ctx, time.Now())
+ },
+ },
+ }
+
+ return vulnFuncs
+}
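Review bot: The new loop returns each step's error bare (`return err`), so a non-zero exit from this command no longer says which step failed, whereas the removed code wrapped both failures (`scanning vulnerabilities err`, `sync hosts software err`). Wrapping with the step name keeps that signal for whoever monitors the job: `return fmt.Errorf("%s: %w", vulnFunc.Name, err)`. Separately, the scan step now goes through cronVulnerabilities, which is not shown on this page, instead of calling scanVulnerabilities with the `appConfig` and `vulnPath` resolved earlier in this command. It is worth confirming that cronVulnerabilities uses the same path and cannot return nil without scanning, because the help text in the hunk header appears to treat an exit code of zero as success. The enclosing function starts and ends outside the hunk.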
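Review bot: The fourth entry is named `cron_sync_hosts_software_titles`, but the job removed from cmd/fleet/cron.go was `cron_sync_host_software_titles`, and the second entry here keeps the singular `cron_sync_host_software`. Because the scheduler now takes its job names from this list, anything keyed on the old name (job statistics, log-based alerting) would presumably stop matching; if the rename is not intended, use `Name: "cron_sync_host_software_titles",`. The `ctx` parameter of getVulnFuncs is never read, since every closure receives its own `ctx`, so it can be dropped. getVulnFuncs and the exported NamedVulnFunc have no doc comments; a line such as `// getVulnFuncs returns the vulnerability-processing steps in the order callers run them.` would record that both the cron schedule and the vuln_processing command iterate this slice in order.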